httpd-users mailing list archives

From "Michael A. Pasek" <mike...@michael-pasek.com>
Subject [users@httpd] Re: Stability problems with Apache on OS X 10.6 Server
Date Mon, 21 Dec 2009 16:31:19 GMT
In users Digest Issue 3741 (21 Dec 2009 15:54:32 -0000), Thomas Scheider wrote:

> [problems with LDAP authentication on 10.6.2]
> After 5000+ SSL requests, users begin to be denied log-in to the web 
> site. In the Apache error_log the following is written:
>  
> [Mon Dec 21 09:14:23 2009] [info] Initial (No.1) HTTPS request received for child 6 (server 172.25.2.99:443)
> could not lookup DNS configuration info service: (ipc/send) invalid destination port
> [...]
> On the same server I have a ProFTPD running which also does log-in 
> verification against the LDAP server and retrieves various information 
> about the user. The program runs into the same problems, i.e. the "could 
> not lookup ..." begins to appear in its log file, and users are 
> refused access to the FTP server.
> [...]

This would imply that the problem lies not with Apache, but with either
the LDAP server or OS 10.6.2 (which is, I assume, the OS on which the 
Apache and ProFTPd applications are running).

> The messages "could not lookup .." do not begin to appear at the same 
> time in the logfiles. The apache may be running fine, while the FTP server 
> is rejecting users, and vice versa.

I'd suspect that the connections to the LDAP server are not being "cleaned
up", and once the application reaches its per-process file descriptor limit
it is being denied its request to open another network connection (i.e.,
allocate another file descriptor).  Check the output of:
  lsof -nPi | grep ":389"
(NOTE: You must execute this as "root" in order to see _all_ the connections)
This should show you all the current connections to the LDAP server, which
application/process is "controlling" that connection, and the current
connection state.  

You might also check the system.log; there may be entries in there if the
LDAP connection requests ARE being rejected due to the file descriptor limit. 

What to do next depends on:
  a) Whether my theory is correct; and,
  b) What state the connections are "hung" in.

Regards,

Michael A. Pasek

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
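
Added example (not part of the original message): one way to condense the `lsof -nPi` output suggested above into per-process counts of LDAP connections by TCP state, so that lingering connections stand out. The function names, the threshold, the PIDs and the LDAP server address 172.25.2.10 are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Summarise client connections to LDAP (remote port 389) from `lsof -nPi`
# output on stdin. Live use, as root: lsof -nPi | ldap_conn_summary

# Prints "COUNT COMMAND PID STATE", busiest first.
ldap_conn_summary() {
    awk '
        # lsof columns: 1=COMMAND 2=PID 8=NODE 9=NAME (local->remote) 10=(STATE)
        $8 == "TCP" && $9 ~ /->[^ ]*:389$/ {
            state = $10; gsub(/[()]/, "", state)
            if (state == "") state = "UNKNOWN"
            count[$1 " " $2 " " state]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Prints "COMMAND PID COUNT" for processes holding at least $1 LDAP
# connections that are not ESTABLISHED (the threshold is an assumption).
ldap_stale_pids() {
    awk -v min="$1" '
        $8 == "TCP" && $9 ~ /->[^ ]*:389$/ && $10 != "(ESTABLISHED)" { n[$1 " " $2]++ }
        END { for (k in n) if (n[k] >= min) print k, n[k] }
    ' | sort
}

# Constructed sample of lsof -nPi output (PIDs and the LDAP address are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd    612 _www  4u  IPv4 0x0a01      0t0  TCP *:443 (LISTEN)
httpd    612 _www  9u  IPv4 0x0a02      0t0  TCP 172.25.2.99:443->172.25.2.50:51000 (ESTABLISHED)
httpd    612 _www  14u IPv4 0x0a03      0t0  TCP 172.25.2.99:49201->172.25.2.10:389 (CLOSE_WAIT)
httpd    612 _www  15u IPv4 0x0a04      0t0  TCP 172.25.2.99:49202->172.25.2.10:389 (CLOSE_WAIT)
httpd    612 _www  16u IPv4 0x0a05      0t0  TCP 172.25.2.99:49203->172.25.2.10:389 (CLOSE_WAIT)
httpd    612 _www  17u IPv4 0x0a06      0t0  TCP 172.25.2.99:49204->172.25.2.10:389 (ESTABLISHED)
httpd    613 _www  14u IPv4 0x0a07      0t0  TCP 172.25.2.99:49210->172.25.2.10:389 (ESTABLISHED)
proftpd  401 root  7u  IPv4 0x0a08      0t0  TCP 172.25.2.99:49300->172.25.2.10:389 (CLOSE_WAIT)
proftpd  401 root  8u  IPv4 0x0a09      0t0  TCP 172.25.2.99:49301->172.25.2.10:389 (CLOSE_WAIT)
EOF
}

sample_lsof | ldap_conn_summary
echo "--- processes with >= 2 non-ESTABLISHED LDAP connections ---"
sample_lsof | ldap_stale_pids 2
```

A count that keeps growing between runs for one PID and state is the pattern the theory above predicts; compare it with the process's file descriptor limit.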


Mime
View raw message